Q
Manage Learn to apply best practices and optimize your operations.

Securing Operations Navigator -- revisited

A question about securing Operations Navigator was posed to you on August 31 of this year.

Both of your answers required the ability to manage the application from the PC side. In my world, I have very little or no control of the PC because many of them reside at the client site. The developers and application people generally have enough access to hurt themselves. (This is changing thanks to your Experts? Guide to OS/400 &i5/OS Security book. Thank you!

Here are some examples of problems that really happened to me:

1. User A has *Change authority to file "A". The user goes into OpsNav/Databases/Libraries/File "A" and changes a key field. Destroying that function of the application and taking me hours to figure out. Especially without an audit trail, but I'll save that question for later.

2. User "A" has *All authority to development file "B". The user goes into OpsNav/File Systems/Integrated file System/QSYS.LIB/Library 123/File 'B'. Right clicks the file and attempts to drag the file to a new library and their finger slips from the mouse and because of the lag in OpsNav they don't know for sure were the file was dropped. (An object search found it before there was trouble, but this could have been murder -- or at least suicide.

Is there a way to secure OpsNav functions from the server side?


The short answer is No. App Admin is the closest you'll come to being able to control the users access to iSeries Navigator function. But with enough knowledge, it could be by-passed. It's a good first line of defense, however.

The real answer is to implement object level security. That way, whether the user is accessing the file through iSeries Navigator functions, a Web application, ODBC, sockets, the command line, etc, the object level authority is in effect.

==================================
MORE INFORMATION ON THIS TOPIC
==================================

The Best Web Links: tips, tutorials and more.

Search400's targeted search engine: Get relevant information on security.

Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.

Check out this Search400.com Featured Topic: Top ten security tips


This was last published in October 2004

Dig Deeper on iSeries system and application security

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchDataCenter

  • How do I size a UPS unit?

    Your data center UPS sizing needs are dependent on a variety of factors. Develop configurations and determine the estimated UPS ...

  • How to enhance FTP server security

    If you still use FTP servers in your organization, use IP address whitelists, login restrictions and data encryption -- and just ...

  • 3 ways to approach cloud bursting

    With different cloud bursting techniques and tools from Amazon, Zerto, VMware and Oracle, admins can bolster cloud connections ...

Close